Ravens PHP Scripts: Security



 

 

PHP-Nuke Patched 2.3

Posted on Thursday, April 01, 2004 @ 09:34:36 CST in Security
by chatserv

PHP-Nuke Patched has been moved up to version 2.3 to reflect the latest changes which include the fixes to BBtoNuke as found in BBtoNuke 2.0.8a and also to include the latest security fixes like the admin.php vulnerability fix and the Private Messages security fix.

This also marks the debut of PHP-Nuke Patched for PHP-Nuke 7.2. My thanks to Stephen Crawford for all the testing performed on the patch for 7.2.
Download locations:
Nuke 6.0 · Nuke 6.5 · Nuke 6.6-6.8 · Nuke 6.9 · Nuke 7.0 · Nuke 7.1 and Nuke 7.2
 

 

Admin.php exploit that affects all versions

Posted on Monday, March 29, 2004 @ 14:57:50 CST in Security
by Raven

Yet another one. This appears to be limited to a person who is already an admin. Chatserv offers up a great fix, as usual! See this post.
 

 

admin.php vulnerability

Posted on Tuesday, March 23, 2004 @ 01:23:18 CST in Security
by chatserv

SecurityFocus has reported a vulnerability in admin.php that allows an attacker to create a superuser or modify existing ones. Several solutions have been provided and I for one will check into them, but in the meantime I offer adding the following to admin.php after the credits:

// Refuse any request whose query string mentions either author operation.
if (stristr($_SERVER["QUERY_STRING"], 'AddAuthor') || stristr($_SERVER["QUERY_STRING"], 'UpdateAuthor')) {
    die("Illegal Operation");
}

Neither op should pass through the URL anyway, so my first choice is to block them. I will check into this issue tomorrow.

[Admin Note:] For those who use my Hacker Script, you can do this:

// Same check, but hand the request to the Hacker Script page instead of just dying.
if (stristr($_SERVER["QUERY_STRING"], 'AddAuthor') || stristr($_SERVER["QUERY_STRING"], 'UpdateAuthor')) {
    $loc = $_SERVER['QUERY_STRING'];
    header("Location: hackattempt.php?$loc");
    die();
}
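An added example, not code from either post or from PHP-Nuke Patched: the same "keep these ops out of the URL" rule, applied to the decoded value of the parameter instead of to the raw query string, so that a request which only mentions the word in some other field is not refused. It assumes the admin action is selected by a parameter named op; the function name and the sample query strings are constructed for illustration.

```php
<?php
// Added example. Assumption: admin.php picks its action from a parameter named "op".
const BLOCKED_OPS = ['addauthor', 'updateauthor'];

/**
 * Return true when the query string itself selects one of the blocked ops.
 * The value is compared after decoding, i.e. in the form the script acts on.
 */
function query_selects_blocked_op(string $rawQuery): bool
{
    // parse_str() decodes the string the same way PHP fills $_GET.
    parse_str($rawQuery, $params);
    $op = $params['op'] ?? '';

    // op[]=... arrives as an array; no legitimate admin link uses that shape.
    if (!is_string($op)) {
        return true;
    }

    // Exact, case-insensitive match on the op value only.
    return in_array(strtolower(trim($op)), BLOCKED_OPS, true);
}

// In admin.php the call would be (after the credits, as in the post above):
//   if (query_selects_blocked_op($_SERVER['QUERY_STRING'] ?? '')) { die("Illegal Operation"); }

// Constructed sample query strings, run only from the command line.
if (PHP_SAPI === 'cli') {
    $samples = [
        'op=AddAuthor&name=example',        // blocked op named directly
        'op=updateauthor',                  // different letter case
        'op[]=AddAuthor',                   // unexpected array shape
        'op=ListEntries',                   // unrelated op
        'name=Search&query=AddAuthor+help', // word appears in another field only
    ];
    foreach ($samples as $query) {
        $verdict = query_selects_blocked_op($query) ? 'blocked' : 'allowed';
        printf("%-36s %s\n", $query, $verdict);
    }
}
```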
 

 

BBtoNuke 2.0.7a

Posted on Monday, March 22, 2004 @ 21:27:22 CST in Security
by chatserv

The phpBB Group recently updated version 2.0.7 to correct a flaw in search.php. The updated release has been dubbed phpBB 2.0.7a; this is the PHP-Nuke update to match that version.
If you already updated to BBtoNuke 2.0.7 or are using PHP-Nuke 7.2 then the only files you need to replace on your site are:
search.php
login.php
and the Private Messages module's index.php
Download here.
 

 

[Security Fix] Possible SQL Injection - PHPBB 2.0.7

Posted on Sunday, March 21, 2004 @ 01:06:56 CST in Security
by Raven

And it never ends. See this post for the gory details and fix. Thanks Lateron for the heads up.
 

 

Hack Alert Script Updated

Posted on Friday, March 12, 2004 @ 23:16:52 CST in Security
by Raven

I have updated my Hack Alert script to v1.1. For those that have already downloaded it, use this code instead in mainfile.php:

// Send any request with " union " (URL-encoded) in its query string to the Hack Alert page.
if (stristr($_SERVER["QUERY_STRING"], '%20union%20')) {
    $loc = $_SERVER['QUERY_STRING'];
    header("Location: hackattempt.php?$loc");
    die();
}
 


